
Play ransomware extortionists listed MyPillow as an alleged victim on a name-and-shame leak site, demanding payment by Friday and threatening to leak the stolen data otherwise. The claimed data included private and personal confidential information, client documents, budget, payroll, IDs, taxes, and finance information. The extortionists did not specify the amount of data taken. The FBI said Play operators had allegedly exploited about 900 organizations as of May 2025, and the ransomware variant often ranks among the top five targeting critical infrastructure. Play previously stole Swiss government files after breaching an IT supplier and later hacked Microchip Technology; North Korean actors have also used Play in intrusions. Cisco Talos reported that Play used "EDR killers" to disable endpoint security products.
"The pillow shop first appeared on Play's name-and-shame data leak site on Monday, with the gang threatening to leak stolen data by Friday if MyPillow execs don't pay the ransom demand. While the extortionists didn't specify how many gigabytes of data they allegedly stole from MyPillow, they claim it includes "private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information" and more, according to the dark-web post seen by The Register and shared on social media by threat-intel firm FalconFeeds."
"As of May 2025, the FBI said Play ransomware operators had allegedly exploited about 900 organizations, and the crew's ransomware variant consistently ranks among the top five targeting critical infrastructure. Play previously stole around 65,000 Swiss government files after breaching its IT supplier Xplain in 2023. A year later, the group hacked Microchip Technology. The American semiconductor manufacturer told regulators that the ransomware attack disrupted some of its business operations and cost it $21.4 million in expenses related to the security incident."
"North Korean government goons have also used Play ransomware in their intrusions. Cisco Talos' incident responders previously told The Register that Play was one of the crews that used so-called "EDR killers" to disable endpoint security products in their ransomware infections."
Read at The Register